Oracle has published a pre-announcement of the fixes it plans to apply to Java SE in its critical patch update (CPU) due later today. The company says that 40 security fixes have been included and that, of those, 37 can be remotely exploited without the need for a username or password.

__________________
You don't need to be a genius to debug a pf.conf firewall ruleset, you just need the guts to run tcpdump

No doubt, but is the quantification and severity assessment of the problems so unimportant?

Rather than compare Java to Linux, it would be interesting to compare it to C#. The two runtimes must be very similar. The languages started out only trivially different as far as I can tell, though perhaps they're starting to diverge. The included class libraries are nearly equally immense (and similar?). So if the security record is vastly different it might say something, either about the abilities of the implementers and maintainers, their release and QA process, or about how hard and skillfully the world is looking for flaws.

For another conclusion drawn from Java's horrible record, see here:

"Bjarne: I do not consider it the job of a programming language to be “secure.” Security is a systems property and a language that is – among other things – a systems programming language cannot provide that by itself. C++ offers protection against errors, rather than protection against deliberate violation of rules. C++11 is better at that than C++98, but the repeated failures of languages that did promise security (e.g. Java), demonstrates that C++’s more modest promises are reasonable." -- https://www.informit.com/articles/ar...up&WT.rss_ev=a

Does it state the severity of the problem or if the problem was solved? No.

It would be helpful and more informative if the data regarding the patches which worked and the time between the discovery of the holes & patching was displayed.

Java can be installed on all systems and can be ported to unsupported architectures and systems using NFS export from a system that has Java support. It would be better to compare Java to Python and Perl than to Linux and Windows.

You are right in stating that security problems should be voiced and printed; however, an analogy should be of the same class and type.
Peaches to apricots and oranges to lemons - pit fruits compared and citrus fruits compared - rather than apples to oranges, you know?